The system is CentOS 7.2-1511; these are the basic optimizations applied once the installation is complete.
1 Renaming the NIC to eth0
2 Updating the system
3 Adding execute permission to /etc/rc.local
4 Adding the user hequan
5 Disabling SELinux
6 Stopping firewalld and installing iptables
7 Changing the hostname
8 Viewing and managing services
9 Setting the character set
10 Yum
11 Configuring sshd
12 Raising the limit on the number of open files
13 Optimizing the kernel
14 Setting the time
1 modifying the NIC to Eth0
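# Interactive walkthrough (not a script): rename the NIC from its predictable
# name (eno16777729) to eth0. The addresses and UUID are the author's values.
cd /etc/sysconfig/network-scripts/

# Edit the interface file so that it contains:
#   TYPE=Ethernet
#   BOOTPROTO=static
#   IPADDR=192.168.1.201
#   NETMASK=255.255.255.0
#   GATEWAY=192.168.1.1
#   DEFROUTE=yes
#   PEERDNS=yes
#   PEERROUTES=yes
#   IPV4_FAILURE_FATAL=no
#   NAME=eth0
#   UUID=efd17b9a-a5ab-4c94-be62-d2c32eb48a7e
#   DEVICE=eth0
#   ONBOOT=yes
#   DNS1=202.106.0.20
vim ifcfg-eno16777729

# The file name has to match the new device name.
mv ifcfg-eno16777729 ifcfg-eth0

# Edit the GRUB defaults; the only change is the addition of
# "net.ifnames=0 biosdevname=0" to GRUB_CMDLINE_LINUX:
#   GRUB_TIMEOUT=5
#   GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
#   GRUB_DEFAULT=saved
#   GRUB_DISABLE_SUBMENU=true
#   GRUB_TERMINAL_OUTPUT="console"
#   GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0 rhgb quiet"
#   GRUB_DISABLE_RECOVERY="true"
vi /etc/sysconfig/grub

# Regenerate the boot menu.
grub2-mkconfig -o /boot/grub2/grub.cfg
# Output on the author's host:
#   Generating grub configuration file ...
#   Found linux image: /boot/vmlinuz-3.10.0-327.el7.x86_64
#   Found initrd image: /boot/initramfs-3.10.0-327.el7.x86_64.img
#   Found linux image: /boot/vmlinuz-0-rescue-e8675ae79abd41309dac42388f8d9116
#   Found initrd image: /boot/initramfs-0-rescue-e8675ae79abd41309dac42388f8d9116.img

# NOTE(review): do this from the console, not over SSH; a mistake in the
# interface file leaves the host unreachable after the reboot.
reboot

# After the reboot, check the interface again. CentOS 7 does not ship
# ifconfig by default; either use `ip addr` or install net-tools first.
ip addr
yum install net-tools
ifconfig eth0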
2 Updating the system
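# Apply all pending package updates (including security errata) without
# prompting. A kernel update only takes effect after the next reboot.
yum update -y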
3 Adding execute permission to /etc/rc.local
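# /etc/rc.local is a symlink to rc.d/rc.local on CentOS 7.
ls -l /etc/rc.local
#   lrwxrwxrwx. 1 root root ... /etc/rc.local -> rc.d/rc.local

# The target is not executable after installation, so it is not run at boot.
ls -l /etc/rc.d/rc.local
#   -rw-r--r--. 1 root root 473 ... /etc/rc.d/rc.local

# Add the execute bit. Everything in this file runs as root at boot, so it
# must stay owned by root and writable by root only, as in the listing above.
chmod +x /etc/rc.d/rc.local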
4 Add User Hequan
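# Create an ordinary account for administration and restrict su to members
# of the wheel group.
useradd hequan

# Set the password interactively. The original page piped a literal six-digit
# password into `passwd --stdin`; that records the secret in shell history,
# and a password of that kind is trivially guessable.
passwd hequan

# Add wheel as a supplementary group. The original used `usermod -g`, which
# replaces the user's primary group instead of adding a membership.
usermod -aG wheel hequan

# Uncomment the "auth required pam_wheel.so use_uid" line so that only wheel
# members may use su. The original addressed the line by number (line 6),
# which edits the wrong line if /etc/pam.d/su differs from the author's copy;
# matching the directive is safe on any layout.
sed -i '/^#auth[[:space:]]\+required[[:space:]]\+pam_wheel\.so[[:space:]]\+use_uid/s/^#//' /etc/pam.d/su

# Verify: the "required" line is active, the "sufficient ... trust" line is not.
grep wheel /etc/pam.d/su
#   # Uncomment the following line to implicitly trust users in the "wheel" group.
#   #auth sufficient pam_wheel.so trust use_uid
#   # Uncomment the following line to require a user to be in the "wheel" group.
#   auth required pam_wheel.so use_uid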
Extension: give the user hequan sudo rights for every operation except shutting down the machine:
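# Edit /etc/sudoers through visudo, which syntax-checks the file before saving.
visudo
# Lines added or changed in the editor:
#   Cmnd_Alias SHUTDOWN = /sbin/halt, /sbin/shutdown, /sbin/poweroff, /sbin/reboot, /sbin/init
#   hequan  ALL=(ALL) ALL, !SHUTDOWN
#   %wheel  ALL=(ALL) ALL, !SHUTDOWN      # modified
#   Defaults logfile=/var/log/sudo.log
#
# NOTE(review): "ALL, !SHUTDOWN" is a deny-list on top of full root access.
# sudoers(5) itself warns that subtracting commands from ALL is easy to
# circumvent, so treat this rule as a guard against accidents, not as a
# security boundary. To really restrict an account, list the commands it may
# run instead of ALL.
# The logfile default gives a local audit trail of sudo use; a user with ALL
# can alter a local file, so forward it to a remote log host if it matters.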
5 disabling SELinux
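# Show the current SELinux configuration.
grep -i '^selinux' /etc/selinux/config
#   SELINUX=enforcing
#   SELINUXTYPE=targeted

# NOTE(review): SELINUX=disabled removes mandatory access control from the
# host entirely. If the aim is only to stop SELinux from blocking a service
# during setup, SELINUX=permissive keeps denials logged (audit.log) so that
# policy can be fixed and enforcing mode restored later.
sed -i '/^SELINUX=/s/enforcing/disabled/' /etc/selinux/config

grep -i '^selinux' /etc/selinux/config
#   SELINUX=disabled
#   SELINUXTYPE=targeted

# The running system is unchanged until the next boot.
getenforce
#   Enforcing
reboot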
6 Stopping firewalld and installing iptables
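# Replace firewalld with the classic iptables service.
# (The unit is named firewalld; the original page misspelled it "firwalld",
# so its commands would fail and leave firewalld running.)
systemctl stop firewalld
systemctl disable firewalld

# Install the iptables service units.
yum install iptables-services -y

# NOTE(review): the page stops here. Until the iptables service is enabled
# and started with a rule set (`systemctl enable iptables`,
# `systemctl start iptables`), the host has no packet filter at all.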
7 Modifying host Names
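# Set the static hostname; hostnamectl writes /etc/hostname, so it persists.
hostnamectl set-hostname hequan.com

# Confirm the change.
hostname
#   hequan.com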
8 Viewing and managing services
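# List the service units currently loaded, with their state.
systemctl -t service

# List every installed service unit file and whether it is enabled at boot.
# Useful for finding services that are enabled but not needed on this host.
systemctl list-unit-files -t service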
9 Setting the character set
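# Show the current locale.
echo "$LANG"
#   zh_CN.UTF-8

# Change the system locale; the file should contain:
#   LANG="en_US.UTF-8"
vi /etc/locale.conf

# Load the new value into the current shell.
source /etc/locale.conf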
10 Yum
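# Install the build tool chain, development headers and a few utilities.
# NOTE(review): compilers and -devel packages are convenient on a build host
# but add to what an intruder finds on a production server; install only
# what the machine's role needs.
yum install gcc cmake bzip2-devel curl-devel db4-devel libjpeg-devel \
  libpng-devel freetype-devel libXpm-devel gmp-devel libc-client-devel \
  openldap-devel unixODBC-devel postgresql-devel sqlite-devel aspell-devel \
  net-snmp-devel libxslt-devel libxml2-devel pcre-devel mysql-devel \
  pspell-devel libmemcached libmemcached-devel zlib-devel vim wget lrzsz tree

# Switch the base repository to the 163.com mirror, keeping a backup.
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
cd /etc/yum.repos.d/

# NOTE(review): the repo file is fetched over plain HTTP, so it can be
# altered in transit. Before rebuilding the cache, open the downloaded file
# and confirm that every section has gpgcheck=1 and that gpgkey points to the
# CentOS key already installed under /etc/pki/rpm-gpg/.
wget http://mirrors.163.com/.help/CentOS7-Base-163.repo

yum clean all
yum makecache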
Other
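# Install the priorities plug-in (lower number = preferred repository).
yum -y install yum-plugin-priorities

# Give every section of the base repository priority 1.
sed -i -e 's/\]$/\]\npriority=1/g' /etc/yum.repos.d/CentOS-Base.repo

# Install the EPEL repository, give it priority 5, and disable it by default.
yum -y install epel-release
sed -i -e 's/\]$/\]\npriority=5/g' /etc/yum.repos.d/epel.repo
sed -i -e 's/enabled=1/enabled=0/g' /etc/yum.repos.d/epel.repo

# Install the rpmforge repository, give it priority 10, and disable it.
# NOTE(review): a "-release" package installs repository definitions and
# signing keys, so it decides what later installs from that repository will
# trust. Here it is installed straight from a plain-HTTP URL. Download it
# first and check its signature against a key obtained independently before
# installing. RepoForge has also been unmaintained for years — confirm the
# repository still receives updates before relying on it.
yum -y install http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm
sed -i -e 's/\]$/\]\npriority=10/g' /etc/yum.repos.d/rpmforge.repo
sed -i -e 's/enabled = 1/enabled = 0/g' /etc/yum.repos.d/rpmforge.repo

# Using a disabled repository for a single transaction:
#   yum --enablerepo=rpmforge install [package]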
11 Configuring sshd
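# Harden and speed up sshd.
# The original page edited sshd_config by line number (49 and 129). Line
# numbers differ between openssh-server versions, so on another host those
# commands can change an unrelated directive and silently leave root login
# enabled. The edits below match the directive names instead.

# Forbid root logins over SSH.
# NOTE(review): confirm first that the ordinary account can log in and
# become root (su/sudo); otherwise this locks you out of a remote host.
sed -i -e 's/^#\?PermitRootLogin[[:space:]].*/PermitRootLogin no/' /etc/ssh/sshd_config

# Skip the reverse DNS lookup of the client address.
sed -i -e 's/^#\?UseDNS[[:space:]].*/UseDNS no/' /etc/ssh/sshd_config

# Disable GSSAPI authentication to speed up logins.
sed -i -e '/^GSSAPIAuthentication/s/yes/no/' /etc/ssh/sshd_config

# Validate the configuration before restarting, so a typo cannot take the
# daemon down; keep the current session open until a new login succeeds.
sshd -t && systemctl restart sshd

# Start sshd at boot and check its state.
systemctl enable sshd
systemctl status sshd
# Output on the author's host:
#   sshd.service - OpenSSH server daemon
#      Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
#      Active: active (running) since 2016-06-06 00:16:26 CST; 1min 3s ago

# Confirm the effective values.
grep -E '^(PermitRootLogin|UseDNS|GSSAPIAuthentication)' /etc/ssh/sshd_config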
12 increase the limit on the number of open files
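# Show the current open-file limit and all limits of this shell.
ulimit -n
ulimit -a

# Append to the end of /etc/security/limits.conf:
#   *     soft  nofile  1024000
#   *     hard  nofile  1024000
#   hive  -     nofile  1024000
#   hive  -     nproc   1024000
vi /etc/security/limits.conf

# Per-user process limit: raise the default for ordinary users from 4096 to
# 65535 (the author notes it can also be set to unlimited).
# NOTE(review): the nproc limit is what contains a runaway or hostile process
# that keeps forking. Raising it for "*" weakens that guard for every
# account; prefer raising it only for the service users that need it.
sed -i 's#4096#65535#g' /etc/security/limits.d/20-nproc.conf

grep -E -v '^$|^#' /etc/security/limits.d/20-nproc.conf
#   *     soft  nproc  65535
#   root  soft  nproc  unlimited

reboot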
13 Optimizing kernel
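# Kernel parameters. The listing below is the author's /etc/sysctl.conf, one
# setting per line; lines starting with "#   #" are comments inside that file.
#
# Review notes on the values:
# - net.ipv4.tcp_tw_recycle: the value is missing on the page. The option is
#   known to break connections from clients behind NAT and was removed in
#   Linux 4.12; leave it at 0 / unset.
# - net.ipv4.tcp_timestamps = 0 together with net.ipv4.tcp_tw_reuse = 1:
#   TIME-WAIT reuse relies on TCP timestamps, so with timestamps off the
#   reuse setting has no effect.
# - tcp_syn_retries = 1, tcp_synack_retries = 1 and tcp_fin_timeout = 1 are
#   very aggressive; legitimate connections over lossy links will fail.
# - The net.netfilter.nf_conntrack_* keys exist only while the nf_conntrack
#   module is loaded; otherwise `sysctl -p` reports an error for them.
cat /etc/sysctl.conf
#   # CTCDN system optimization parameters
#   # Disable IPv6
#   net.ipv6.conf.all.disable_ipv6 = 1
#   net.ipv6.conf.default.disable_ipv6 = 1
#   # How long before a neighbor entry is checked for staleness
#   net.ipv4.neigh.default.gc_stale_time = 120
#   # Use arp_announce / arp_ignore to resolve ARP mapping problems
#   net.ipv4.conf.default.arp_announce = 2
#   net.ipv4.conf.all.arp_announce = 2
#   net.ipv4.conf.lo.arp_announce = 2
#   # Avoid amplification attacks
#   net.ipv4.icmp_echo_ignore_broadcasts = 1
#   # Protect against bogus ICMP error messages
#   net.ipv4.icmp_ignore_bogus_error_responses = 1
#   # Turn off route forwarding
#   net.ipv4.ip_forward = 0
#   net.ipv4.conf.all.send_redirects = 0
#   net.ipv4.conf.default.send_redirects = 0
#   # Turn on reverse path filtering
#   net.ipv4.conf.all.rp_filter = 1
#   net.ipv4.conf.default.rp_filter = 1
#   # Do not accept source-routed packets
#   net.ipv4.conf.all.accept_source_route = 0
#   net.ipv4.conf.default.accept_source_route = 0
#   # Turn off the SysRq function
#   kernel.sysrq = 0
#   # Core dumps: add the PID as an extension of the file name
#   kernel.core_uses_pid = 1
#   # Turn on SYN flood protection
#   net.ipv4.tcp_syncookies = 1
#   # Message queue length
#   kernel.msgmnb = 65536
#   kernel.msgmax = 65536
#   # Maximum shared memory segment size, in bytes
#   kernel.shmmax = 68719476736
#   kernel.shmall = 4294967296
#   # Number of TIME-WAIT buckets, default 180000
#   net.ipv4.tcp_max_tw_buckets = 6000
#   net.ipv4.tcp_sack = 1
#   net.ipv4.tcp_window_scaling = 1
#   net.ipv4.tcp_rmem = 4096 87380 4194304
#   net.ipv4.tcp_wmem = 4096 16384 4194304
#   net.core.wmem_default = 8388608
#   net.core.rmem_default = 8388608
#   net.core.rmem_max = 16777216
#   net.core.wmem_max = 16777216
#   # Maximum number of packets queued when an interface receives packets
#   # faster than the kernel can process them
#   net.core.netdev_max_backlog = 262144
#   # This limit is only intended to prevent simple DoS attacks
#   net.ipv4.tcp_max_orphans = 3276800
#   # Maximum number of connection requests not yet acknowledged by the client
#   net.ipv4.tcp_max_syn_backlog = 262144
#   net.ipv4.tcp_timestamps = 0
#   # Number of SYN-ACKs sent before the kernel gives up on a connection
#   net.ipv4.tcp_synack_retries = 1
#   # Number of SYNs sent before the kernel gives up establishing a connection
#   net.ipv4.tcp_syn_retries = 1
#   # Fast recycling of TIME-WAIT sockets (value missing on the page)
#   # net.ipv4.tcp_tw_recycle =
#   # Allow TIME-WAIT sockets to be reused for new TCP connections
#   net.ipv4.tcp_tw_reuse = 1
#   net.ipv4.tcp_mem = 94500000 915000000 927000000
#   net.ipv4.tcp_fin_timeout = 1
#   # How often TCP sends keepalive messages; the default is 2 hours
#   net.ipv4.tcp_keepalive_time = 1800
#   net.ipv4.tcp_keepalive_probes = 3
#   net.ipv4.tcp_keepalive_intvl = 15
#   # Local port range the system may use
#   net.ipv4.ip_local_port_range = 1024 65000
#   # Connection-tracking table size, default 65536
#   net.netfilter.nf_conntrack_max = 655350
#   net.netfilter.nf_conntrack_tcp_timeout_established = 1200
#   # Make sure no one can modify the routing table via ICMP redirects
#   net.ipv4.conf.all.accept_redirects = 0
#   net.ipv4.conf.default.accept_redirects = 0
#   net.ipv4.conf.all.secure_redirects = 0
#   net.ipv4.conf.default.secure_redirects = 0
#
# Attribution carried on the page for this listing: this article is from the
# "Lanzhi" blog, be sure to keep this source
# http://7826443.blog.51cto.com/7816443/1775248

# Apply the settings; read the output and fix any key that reports an error.
sysctl -p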
14 Setting the time
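# Time synchronization with chrony. Accurate clocks matter for certificate
# validation and for correlating logs across hosts.
yum install chrony

# Time sources in /etc/chrony.conf:
#   server 0.centos.pool.ntp.org
#   server 3.europe.pool.ntp.org
vi /etc/chrony.conf

systemctl enable chronyd.service
systemctl start chronyd.service

# Set the time zone.
timedatectl set-timezone Asia/Shanghai

# Set date and time by hand (the author notes that the date or the time can
# also be changed on its own).
# NOTE(review): with chronyd keeping the clock in sync a manual set-time
# should not be needed — confirm whether this step is wanted at all.
timedatectl set-time "2015-01-21 11:50:00"

# View the time status.
timedatectl

# View the time synchronization sources and their statistics.
chronyc sources -v
chronyc sourcestats -v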
This article is from the "what-all" blog, please be sure to keep this source http://hequan.blog.51cto.com/5701886/1789146
centos7.2 System Basic Optimization